Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Split Tunnel VPN to bypass Chinese Sensorship

Posted on 2014-01-08
4
Medium Priority
?
733 Views
Last Modified: 2014-01-14
My company has an office in China.  The great firewall of China often gets in the way of our western employees accessing sites that they need to work.  Some sites are completely blocked, others have their capability degraded to the point where they can be hardly used (such as Gmail).

We have a Sonicwall TZ170 in both Ottawa, Canada and Dongguan, China.  We have a VPN connection established between the sites.  I have tried routing all the traffic from Dongguan to Ottawa and this works, but it is far too slow to be practical.  

I am looking for a way to split the traffic so that restricted sites go through the VPN and unrestricted sites go through the Chinese internet.  Any suggestions?

Also, we have used various VPN services on the client machines and these work well.  But I would rather have something centrally managed.  Is there a way to route specific traffic through a 3rd party VPN?

Running Windows 2012 servers pretty much through and through.
0
Comment
Question by:encoad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 71

Expert Comment

by:Qlemo
ID: 39766723
» Is there a way to route specific traffic through a 3rd party VPN?
Usually the answer has to be "no". VPN clients are not intended to route traffic. I've managed to force Cisco (IPSec) VPN client and Windows RRAS into proper routing (see http://www.experts-exchange.com/A_350.html for details). Most other VPN clients do not use a virtual network interface you can see in RRAS, and so that will not work for them.

» I am looking for a way to split the traffic so that restricted sites go through the VPN and unrestricted sites go through the Chinese internet.  Any suggestions?
Difficult to achieve. You'll have to route on target IP address. Unless the SonicWALL supplies wildcard routing via policy-based routing, to redirect all *.com, for example.
0
 

Author Comment

by:encoad
ID: 39766769
Is there some (relatively) inexpensive hardware that can help me achieve what I want? (either replacing or supplementing the Sonicwall).

The Sonicwall handle wildcard netmasks, but cannot do anything with specific domains.

We use VPN connections like PureVPN which works great, but I need this at the network level as opposed to the client level.

In my dreamworld, all domains owned by Google would go through PureVPN for example.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 39766855
Nothing you can set up easily will help you in your mission. And I can't tell anything about PureVPN - the info they provide is confusing, but the protocols they use would all allow for routing, if the client does. If it works with the MS VPN (PPTP, SSTP, L2TP/IPSec) or the default Open Source OpenVPN client, making a Windows machine a router is feasible.

Still all solutions would require you to divert by IP addresses, not names. And that is the main issue. But Google US has some fixed IP ranges, so that would be managable. You would have to define the specific routing on a single point, best on your default gateway, and that usage would be transparent, no need to set up more on clients.

IDK, but a Web Proxy could also be able to apply domain specific rules - maybe even routing.
0
 
LVL 20

Accepted Solution

by:
carlmd earned 2000 total points
ID: 39767662
Take a look at the following. Even though it is older, it should help you route the traffic.


https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5243
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know what services you can and cannot, should and should not combine on your server.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question